Flaws of type CWE-863
2111 results

CVE-2026-31801 [HIGH] zot create-only policy allows overwrite attempts of existing latest tag (update permission not required) [EPSS 0.2%]
CVE-2026-54518 [MEDIUM] jackson-databind: @JsonView bypass for unwrapped creator parameters in jackson-databind [EPSS 0.2%]
CVE-2026-34972 [MEDIUM] OpenFGA's BatchCheck within-request deduplication produces incorrect authorization decisions via list-value cache-key collision [EPSS 0.2%]
CVE-2025-54533 [MEDIUM] In JetBrains TeamCity before 2025.07 improper access control allowed disclosure of build settings via VCS configuration [EPSS 0.2%]
CVE-2026-41191 [HIGH] FreeScout's signature only mailbox permission allows unauthorized mailbox chat setting changes [EPSS 0.2%]
CVE-2025-54532 [MEDIUM] In JetBrains TeamCity before 2025.07 improper access control allowed disclosure of build settings via snapshot dependencies [EPSS 0.2%]
CVE-2026-33312 [MEDIUM] Read-only Vikunja users can delete project background images via broken object-level authorization [EPSS 0.2%]
CVE-2026-41190 [HIGH] FreeScout has assigned-only visibility bypass via save_draft that allows hidden conversation draft injection [EPSS 0.2%]
CVE-2026-21359 [MEDIUM] Adobe Commerce | Incorrect Authorization (CWE-863) [EPSS 0.2%]
CVE-2026-43889 [MEDIUM] Outline: Unauthorized Document Publication via Mixed collectionId+documentId Share [EPSS 0.2%]
CVE-2026-42280 [HIGH] Improper Permission Checking in Auth.js SDK [EPSS 0.2%]
CVE-2026-6406 [HIGH] Docker Desktop Enhanced Container Isolation bypass via --use-api-socket CLI flag [EPSS 0.2%]
CVE-2026-46823 [HIGH] Vulnerability in the Oracle Public Sector Financials (International) product of Oracle E-Business Suite (component: Authorization). Support [EPSS 0.2%]
CVE-2026-35482 [HIGH] alf.io has an Authenticated RCE via Extension Script Sandbox Escape [EPSS 0.2%]
CVE-2022-40681 [HIGH] An incorrect authorization in Fortinet FortiClient (Windows) 7.0.0 - 7.0.7, 6.4.0 - 6.4.9, 6.2.0 - 6.2.9 and 6.0.0 - 6.0.10 allows an attacke [EPSS 0.2%]
CVE-2026-32050 [MEDIUM] OpenClaw < 2026.2.25 - Unauthorized Reaction Status Event Enqueue via Access Check Bypass [EPSS 0.2%]
CVE-2026-54021 [MEDIUM] Open WebUI: Authenticated users can target arbitrary configured Ollama backends via unguarded url_idx path parameter [EPSS 0.2%]
CVE-2025-40819 [MEDIUM] A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP4). Affected applications do not properly validat [EPSS 0.2%]
CVE-2025-30162 [LOW] East-west traffic not subject to egress policy enforcement for requests via Gateway API load balancers [EPSS 0.2%]
CVE-2026-33343 [NONE] etcd: Nested etcd transactions bypass RBAC authorization checks [EPSS 0.2%]